The present invention relates generally to encrypted message communication, and more specifically to communication of message data via a network from a sender computer to a receiver computer, using encryption to protect the message data.
Today, most people still do not encrypt their email. This is generally because the communicating parties do not own certified public-private key pairs. The exchange of sensitive message data is therefore problematic. Users can download special encryption software, encrypt the data with this software, and send the resulting ciphertexts via email. However, users still need to securely exchange the (symmetric) encryption keys. Proper cryptographic encryption keys are based on random cryptographic values. The degree of randomness, or “entropy”, in these values inhibits determination of the key by guesswork. Such keys comprise long (e.g. 120-bit) strings of (cryptographically-random) bits, and secure communication of these keys generally requires use of certified public-private key pairs. Therefore, instead of choosing proper high-entropy encryption keys, users typically use (low-entropy) human-memorizable passwords as encryption keys. These can conveniently be exchanged personally, e.g. by phone or text. The drawback of this approach is that the email provider can launch offline password-guessing attacks on the encrypted data. As modern hardware can try billions of passwords per second, use of encryption keys based on passwords makes the system fundamentally insecure.
Another way to exchange sensitive message data is to use a specialist third-party service such as those offered at turtl.it, zoho.com and dropbox.com. However, these services require users to subscribe to the website and/or install additional trusted software, which may not be possible or desirable. In addition, encryption here may be performed by the service provider itself and/or using password-based keys so that a recipient with the password can decrypt the sender's message. Some systems involve use of public-private key pairs for communication of passwords. However, the third-party host can access messages either directly or simply by performing an offline attack on the password.